Eclipse Mosquitto MQTT broker

by Eclipse Foundationv2.1.2

Last updated Jun 8, 2026

Eclipse Mosquitto - An open source MQTT broker

Install with winget

$ winget install --id EclipseFoundation.Mosquitto --exact --version 2.1.2

Run in Command Prompt, PowerShell, or Windows Terminal. Prompts for any agreements.

Silent install command for Eclipse Mosquitto MQTT broker

Eclipse Mosquitto MQTT broker uses EXE (NSIS). The silent install switches are /S.

One-line silent install (x64, machine scope)

mosquitto-2.1.2-install-windows-x64.exe /S

See the full silent install reference for Eclipse Mosquitto MQTT broker →

Built by Pckgr

For Intune admins

Stop chasing app updates. Pckgr patches them for you.

Automated application patching for Microsoft Intune. Pckgr keeps a curated library of 1,000+ apps continuously up-to-date in your tenant via Microsoft Graph - no manual repackaging, no chasing vendor sites.

Start free 30-day trial

No credit card required.

Installers · v2.1.2

Architecture	Type	Scope	Install	Download
x86	EXE NSIS	machine		Direct
x64	EXE NSIS	machine		Direct

Copy a command tailored to that specific architecture, type, and scope - useful when winget would otherwise pick a different default.

Security

12 known CVEs via NVD

medium6.5Patched in wingetCVE-2024-3935affects before 2.0.19Oct 30, 2024
In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBL...
Patch Vendor advisory
critical9.8Patched in wingetCVE-2024-10525affects before 2.0.19Oct 30, 2024
In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosqui...
Patch Vendor advisory
high7.5Patched in wingetCVE-2024-8376affects before 2.0.19Oct 11, 2024
In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.
Patch
high7.5Patched in wingetCVE-2023-5632affects v2.0.5Oct 17, 2023
In Eclipse Mosquito before and including 2.0.5, establishing a connection to the mosquitto server without sending data causes the EPOLLOUT event to be added, which results excessive CPU consumption. This could be used by a malicious actor to perform denial of service type attack...
Patch
medium5.8Patched in wingetCVE-2023-3592affects before 2.0.16Oct 2, 2023
In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types.
medium5.8Patched in wingetCVE-2023-0809affects before 2.0.16Oct 2, 2023
In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.
high7.5Patched in wingetCVE-2023-28366affects before 2.0.16Sep 1, 2023
The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc s...
Patch
high7.5Patched in wingetCVE-2021-41039affects >=1.6 and <=2.0.11Dec 1, 2021
In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service.
Patch Vendor advisory

Showing 8 of 12. Source: NVD, updated 4h ago. Patch status is best-effort: NVD's fix version is compared against the latest version in winget, but the two version formats don't always align. Confirm with the vendor advisory before treating any specific build as safe.

See a CVE that affects your fleet? Push the patched version to Intune in one click with Pckgr - automated patching is the only way to keep up.

Related apps

S
SUMO.ExtraEclipse Foundation
EclipseFoundation.SUMO.Extrav1.27.0
Eclipse SUMO is an open source, highly portable, microscopic and continuous traffic simulation package designed to handle large networks. The Extra package contains also video recording and 3D GUI.
NetSentinelNetSentinel Project
NetSentinel.NetSentinelv2.1.2
Network security scanner — rogue device detector, STP monitor, and connectivity analyser
MQTTXEMQX Team
EMQ.MQTTXv1.13.0
Your All-in-One MQTT Client Toolbox
MQTT ExplorerThomas Nordquist
thomasnordquist.MQTT-Explorerv0.3.5
An all-round MQTT client that provides a structured topic overview.
Azure IoT Explorer PreviewMicrosoft
Microsoft.Azure.IoTExplorerv0.15.12
Cross-platform UI for interacting with devices attached to Azure IoT Hub
TelegrafInfluxData Inc.
InfluxData.Telegrafv1.36.3
Agent for collecting, processing, aggregating, and writing metrics, logs, and other arbitrary data.

More from Eclipse Foundation or browse internet-of-things, iot, mqtt.

Frequently asked questions

How do I install Eclipse Mosquitto MQTT broker on Windows?

Open Windows Terminal, PowerShell, or Command Prompt and run: winget install --id EclipseFoundation.Mosquitto --exact --version 2.1.2. winget downloads the installer from Eclipse Foundation and runs it. Requires Windows 10 (1809+) or Windows 11.

How do I install Eclipse Mosquitto MQTT broker silently for unattended deployment?

Add --silent and accept the agreements upfront: winget install --id EclipseFoundation.Mosquitto --exact 2.1.2 --silent --accept-package-agreements --accept-source-agreements. This is the variant Intune, Configuration Manager, and other deployment tools should use.

What are the silent install switches for Eclipse Mosquitto MQTT broker?

Eclipse Mosquitto MQTT broker uses EXE (NSIS). Run the downloaded installer with: mosquitto-2.1.2-install-windows-x64.exe /S. The silent switches are /S.

How do I uninstall Eclipse Mosquitto MQTT broker via winget?

Run: winget uninstall --id EclipseFoundation.Mosquitto --exact. Add --silent for unattended uninstalls. winget will use the registered uninstaller from Eclipse Mosquitto MQTT broker's Apps & Features entry.

Is Eclipse Mosquitto MQTT broker free?

Eclipse Mosquitto MQTT broker is distributed under Eclipse Public License 2.0 and Eclipse Distribution License 1.0. Refer to the publisher (https://mosquitto.org/) for the full license terms - Wingetly itself does not charge for installation.

Does Eclipse Mosquitto MQTT broker work on Windows 10?

Yes, as long as your Windows 10 build supports winget (1809 or newer). winget ships with App Installer on Windows 10/11 and pulls Eclipse Mosquitto MQTT broker directly from the publisher.

How do I keep Eclipse Mosquitto MQTT broker up to date?

Run winget upgrade --id EclipseFoundation.Mosquitto --exact, or winget upgrade --all to update everything winget tracks. We index 10 versions of Eclipse Mosquitto MQTT broker from microsoft/winget-pkgs.

Recent versions

2.1.2latest
2.1.1
2.1.0
2.0.22
2.0.21
2.0.20
2.0.18
2.0.17
2.0.16
2.0.15